Posted on: 16/12/2025
Description:
POSITION GENERAL DUTIES AND TASKS:
About the Job:
The Manager, Application Security is responsible for strengthening the enterprise application security posture. This is a hands-on individual contributor role involving penetration testing, secure code reviews, software composition analysis, container image assurance, and vulnerability assessments. The role also includes managing security findings and supporting compliance with financial industry regulations.
The ideal candidate will have strong technical expertise, practical testing experience, and familiarity with regulatory requirements such as MAS TRM Guidelines and the BNM RMiT Policy Document.
Key Responsibilities:
- Conduct penetration testing for web, mobile, and API applications
- Perform secure code reviews, software composition analysis (SCA), and container image assurance to identify vulnerabilities early in the SDLC
- Carry out vulnerability assessments for applications, middleware, and supporting systems
- Utilize industry-standard tools such as Burp Suite, OWASP ZAP, Fortify, Checkmarx, Black Duck, Nessus, Aqua, and Qualys
- Triage, validate, and prioritize security findings from assessments
- Collaborate with development, DevOps, and infrastructure teams to ensure timely remediation
- Track and report remediation progress, ensuring closure within regulatory and Technology Security Standards timelines
- Provide guidance to developers and project teams on secure coding practices
- Embed application security controls and tools (SAST, DAST, SCA, IAST) into CI/CD pipelines
- Maintain security documentation and provide evidence for audits and regulatory reviews
- Ensure compliance with internal policies, regulatory obligations, and industry best practices
- Support audits, risk assessments, and regulatory inspections related to application security
Required Qualifications & Experience:
- Bachelor's degree in Information Security, Computer Science, or a related field
- Professional certifications such as CREST, OSCP+, OSEP, or GPEN
- 7+ years of IT security experience, with at least 4 years of hands-on experience in project-based and annual penetration testing for web, mobile, and API applications
- Experience in secure code reviews, software composition analysis, container image assurance, and vulnerability assessments
- Strong technical knowledge of web, mobile, and API security, including OWASP Top 10 and common attack vectors
- Hands-on expertise with application security testing tools
- Working knowledge of MAS TRM, MAS Cyber Hygiene, and BNM RMiT requirements
Posted in: CyberSecurity
Functional Area: IT Security
Job Code: 1591435